Default cookie expiration time has been reduced to 30 days. Login cookie expiration time is kept at 180 days.

A new configuration variable has been added: $wgCookieSetOnAutoblock. This determines whether to set a cookie when a user is autoblocked. Doing so means that a blocked user, even after logging out and moving to a new IP address, will still be blocked.

The resetpassword right and associated password reset capture feature has been removed.

The $error parameter to the EmailUser hook should be set to a Status object or boolean false. This should be compatible with at least MediaWiki 1.23 if not earlier. Returning a raw HTML string is now deprecated.

The $message parameter to the ApiCheckCanExecute hook should be set to an ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a code for ApiBase::parseMsg() will no longer work.

ApiBase::$messageMap is no longer public. Code attempting to access it will result in a PHP fatal error.

(T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code of the page being parsed.

HTML5 form validation attributes will no longer be suppressed. Originally browsers had poor support for them, but modern browsers handle them fine. This might affect some forms that used them and only worked because the attributes were not actually being set.

Expiry times can now be specified when users are added to user groups.

Completely new user interface for the RecentChanges page, which structures filters into user-friendly groups. This has corresponding changes to how filters are registered by core and extensions.

The edit form now uses pretty OOjs UI buttons, checkboxes and summary input. Because this change can cause problems for extensions and on-wiki scripts depending on the exact HTML, the old version is still available and can be used by setting $wgOOUIEditPageManual:$wgOOUIEditPage = false; in LocalSettings.php. This will be removed later and OOjs UI will become the only option. To make testing easier, users can also force either mode by adding &ooui=true or &ooui=false to the action=edit URL.

Submitting sensitive authentication request parameters to action=login, action=clientlogin, action=createaccount, action=linkaccount, and action=changeauthenticationdata in the query string is now an error. They should be submitted in the POST body instead.

The capture option for action=resetpassword has been removed

action=clearhasmsg now requires a POST.

(T47843) API errors and warnings may be requested in non-English languages using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters.

API error codes may have changed. Most notably, errors from modules using parameter prefixes (e.g. all query submodules) will no longer be prefixed.

ApiPageSet-using modules will report the 'invalidreason' using the specified 'errorformat'.

action=emailuser may return a "Warnings" status, and now returns 'warnings' and 'errors' subelements (as applicable) instead of 'message'.

action=imagerotate returns an 'errors' subelement rather than 'errormessage'.

action=move now reports errors when moving the talk page as an array under key 'talkmove-errors', rather than using 'talkmove-error-code' and 'talkmove-error-info'. The format for subpage move errors has also changed.

action=revisiondelete no longer includes a "rendered" property on warnings and errors for each item. Use errorformat=wikitext if you're wanting parsed output.

New methods were added to ApiBase to handle errors and warnings using i18n keys. Methods for using hard-coded English messages were deprecated:

ApiBase::dieUsage() was deprecated

ApiBase::dieUsageMsg() was deprecated

ApiBase::dieUsageMsgOrDebug() was deprecated

ApiBase::getErrorFromStatus() was deprecated

ApiBase::parseMsg() was deprecated

ApiBase::setWarning() was deprecated

ApiBase::$messageMap is no longer public. Code attempting to access it will result in a PHP fatal error.

The $message parameter to the ApiCheckCanExecute hook should be set to an ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a code for ApiBase::parseMsg() will no longer work.

UsageException is deprecated in favor of ApiUsageException. For the time being ApiUsageException is a subclass of UsageException to allow things that catch only UsageException to still function properly.

If, for some strange reason, code was using an ApiErrorFormatter instead of ApiErrorFormatter_BackCompat, note that the result format has changed and various methods now take a module path rather than a module name.

ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes from the message key, and maps some message keys for backwards compatibility.

API parameters may now be marked as "sensitive" to keep their values out of the logs.

MediaWiki supports over 350 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Phabricator reports.

Based as always on linguistic studies on intelligibility and language knowledge by geography, language fallbacks have been expanded. When a translation is missing in the user's preferred interface language, the corresponding translation for the fallback language will be used instead. English will only be used as last resort when there are no translations. Some configurations (such as date formats and gender namespaces) have also been updated when using the fallback language's configuration was inadequate. The new or reinstated language fallbacks are (after cs ↔ sk in 1.28): ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro; sh → bs, sr-el, hr.

(T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian language will now use the default fallback language: English. When a translation to Ukrainian is not available, an English string will be shown.

MWHttpRequest::execute() should be considered to return a StatusValue; the Status return type is deprecated.

User::edits() (deprecated in 1.21) was removed.

Xml::escapeJsString() (deprecated in 1.21) was removed.

Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21) were removed.

Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21) were removed.

Hook ArticleViewCustom (deprecated in 1.21) was removed. Use ArticleContentViewCustom instead.

Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed.

Class RevisiondeleteAction (deprecated in 1.25) was removed.

WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed.

WikiPage::getText() (deprecated in 1.21) was removed.

Article::fetchContent() (deprecated in 1.21) was removed.

User::getPassword() (deprecated in 1.27) was removed.

User::getTemporaryPassword() (deprecated in 1.27) was removed.

User::isPasswordReminderThrottled() (deprecated in 1.27) was removed.

Class FSRepo (deprecated in 1.19) was removed.

WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() instead.

Class ImageGallery (deprecated in 1.22) was removed. Use ImageGalleryBase::factory instead.

Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class instead.

Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now emit warnings). Create a subclass of Action and add it to $wgActionsManual:$wgActions instead.

WikiRevision::getText() (deprecated since 1.21) is no longer marked deprecated.

Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed.

Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed.

Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.

Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed.

RedisConnectionPool::handleException (deprecated since 1.23) was removed.

The static properties mw.Api.errors and mw.Api.warnings, containing incomplete and outdated lists of errors/warnings returned by the API, are now deprecated.

wiki.phtml entry point was removed. Refer to index.php instead. If you want "wiki.phtml" URLs to continue to work, set up redirects. In Apache, this can be done by enabling mod_rewrite and adding the following rules to your configuration:

User::getGroupName(), User::getGroupMember(), User:getGroupPage(), User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated. Use equivalent methods on the UserGroupMembership class.

Maintenance scripts and tests that call User::addGroup() must now ensure that User objects have been added to the database prior to calling addGroup().

Protected function UsersPager::getGroups() was removed, and protected function UsersPager::buildGroupLink() was changed from a static to an instance method.

The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed; see docs/hooks.txt.

User::crypt() (deprecated in 1.24) was removed.

User::comparePasswords() (deprecated in 1.24) was removed.

ArchivedFile::getUserText() (deprecated in 1.23) was removed.

HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed.

BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage and subclasses. It should only break if you call buildMainQueryConds (changed to buildQuery with new signature) or doMainQuery (new signature). Subclasses are likely to call at least doMainQuery (possibly both), but other classes might too, because they were public.

Also, some related hooks were deprecated, but this is not yet a breaking change.

Removed 'jquery.arrowSteps' module. (deprecated since 1.28)

The 'jquery.autoEllipsis' ResourceLoader module is now deprecated.

WikiRevision::$fileIsTemp was deprecated.

WikiRevision::$importer was deprecated.

WikiRevision::$user was deprecated.

Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the WikiPage::PURGE_* constants are deprecated, and the functions will always return false. They were a hack for an issue that has since been fixed.

Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options' if you don't actually care about checkboxes and just want to add some HTML to the page.

Selflinks are now rendered as href-less <a> tags with the class mw-selflink rather than <strong> tags. The old class name, "selflink", was deprecated and will be removed in a future release. (T160480)

The ID of the <li> element containing the login link has changed from 'pt-login' to 'pt-login-private' in private wikis.

The old, neglected "bulletin board style toolbar" in the edit form is now deprecated (T30856). This old code dates from 2006, and was replaced in the MediaWiki release tarball and in Wikimedia production by the WikiEditor extension in 2010. It is only shown to users if no other editor was installed, and leads to confusion.

(T92459) Loading ResourceLoader modules containing JavaScript through addModuleStyles() is deprecated and will log a warning server-side.

1.29 has several database changes since 1.28, and will not work without schema updates. Note that due to changes to some very large tables like the revision table, the schema update may take quite long (minutes on a medium sized site, many hours on a large site).

Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed upgrade instructions, including important information when upgrading from versions prior to 1.11.

Documentation for both end-users and site administrators is available on MediaWiki.org, and is covered under the GNU Free Documentation License (except for pages that explicitly state that their contents are in the public domain):